OpenBSD

Today I was playing with OpenBSD routing domains for the first time. Traditionally, multiple interfaces are connected to one routing table. A global switch called 'IP forwarding' turns packet flows between all interfaces on or off. Finer-grained control requires some kernel-level packet filtering, usually done by PF on OpenBSD. However, with rdomains one can easily isolate traffic to specific routing domains, separating networks in kernel space.

For quite a while, PC Engines' devices have been known to work well under OpenBSD. In the meantime, their famous Alix boards have been superseded by the next-generation systems called APU. At work, we wanted to build a cheap sniffing device that could be used to tap and investigate 'interesting' traffic. An ideal use case to learn about the current state of affairs: OpenBSD on APU.

When Let's Encrypt hit the planet and the euphoria calmed down, I decided to give it a spin as soon as a clean, secure and simple OpenBSD client became available. I may be some months late: letskencrypt was published on GitHub on May 12th, 2016 and is currently available in version 0.18. I won't go into the merits of "why yet another client". Read Kristaps Dzonsons' page on his beautiful design using isolated independent components. No Python. No Ruby. No Bash.